Slack announces breach, unauthorized access to database

Team communication platform Slack announced on Friday that for roughly four days in February unauthorized access was gained to a database and suspicious activity has subsequently been detected on a small number of accounts.

The information in the database that was accessible during the incident includes usernames, email addresses and encrypted passwords, according to a release, which adds that optional information, such as phone numbers and Skype IDs, could have been impacted as well.

“Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form,” the release states.

An investigation is ongoing. Slack has implemented two-factor authentication, as well as a feature that allow for team-wide resetting of passwords and forced termination of all user sessions for all team members.

Techscape is SC Media’s content marketing platform. Industry experts share their views in the following categories

Partner Content is sponsored content brought to you by a vendor

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.